V DonorSecurity · Veracity ← All apps
Internal protection

Seal a donor field. Keep the token, not the value.

Turn a sensitive value — an email, a phone number, a name — into an opaque af_… token and a sealed AES-256-GCM envelope. Public apps and shared systems only ever see the token. The real value stays sealed until someone with the organization's master key opens it.

Field-level encryption only. This seals individual values with AES-256-GCM — it is not a whole-database guarantee and it is not described as unbreakable. Everything on this page runs in your browser: nothing is uploaded, and the passphrase and values you enter never leave this page. Donor PII never enters a shared datastore.
1

Seal a field

Choose the organization's master key and the value you want to protect. Nothing here is sent anywhere — the token and envelope are computed in this browser tab.

2

Open a field

Paste back a sealed envelope and the same master key to recover the original value. The wrong key — or a tampered envelope — fails cleanly instead of returning a wrong answer.

3

Bulk seal optional

Paste a list of values, one per line — each is sealed with the same master key so you can hand a whole column of donor data over to a token list.